[jboss-jira] [JBoss JIRA] (JGRP-1487) X509Token Authentication vulnerable to replay attacks

sreenivas chinimilli (JIRA) jira-events at lists.jboss.org
Fri Jun 29 05:42:12 EDT 2012


sreenivas chinimilli created JGRP-1487:
------------------------------------------

             Summary: X509Token Authentication vulnerable to replay attacks
                 Key: JGRP-1487
                 URL: https://issues.jboss.org/browse/JGRP-1487
             Project: JGroups
          Issue Type: Bug
    Affects Versions: 3.0.9
            Reporter: sreenivas chinimilli
            Assignee: Bela Ban


In the implementation of X509Token Authentication

The auth_value is encrypted with the certificate within the keystore and
during verification the encrypted auth value is decrypted with the private key
and compared against the original auth value.


This implementation is prone to replay attacks, that is,
any user without having any knowledge of the auth value can join the group
by replaying the encrypted auth value captured in earlier sessions.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
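
The check described in the report, next to one possible countermeasure (a verifier-issued, single-use nonce bound into the encrypted token), as an added Java example that is neither JGroups code nor the project's fix. The class and method names, the auth value and the nonce scheme are all assumptions made for illustration.

```java
import java.security.*;
import java.util.*;
import javax.crypto.Cipher;
// Added illustration: class and method names are hypothetical, not JGroups code.
public class ReplayDemo {
    static byte[] rsa(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(mode, key);
        return c.doFinal(in);
    }
    // Check as described in the report: decrypt the token, compare with auth_value.
    static boolean verifyStatic(PrivateKey priv, byte[] token, byte[] auth) throws GeneralSecurityException {
        return MessageDigest.isEqual(rsa(Cipher.DECRYPT_MODE, priv, token), auth);
    }
    // Verifier side of the assumed countermeasure: a fresh nonce per join attempt.
    static byte[] challenge(Set<String> outstanding) {
        byte[] n = new byte[16];
        new SecureRandom().nextBytes(n);
        outstanding.add(Base64.getEncoder().encodeToString(n));
        return n;
    }
    // Joiner side: encrypt nonce || auth_value with the certificate's public key.
    static byte[] respond(PublicKey pub, byte[] nonce, byte[] auth) throws GeneralSecurityException {
        byte[] m = Arrays.copyOf(nonce, nonce.length + auth.length);
        System.arraycopy(auth, 0, m, nonce.length, auth.length);
        return rsa(Cipher.ENCRYPT_MODE, pub, m);
    }

    // Accept only if the nonce is still outstanding (consumed here) and auth_value matches.
    static boolean verifyFresh(PrivateKey priv, byte[] token, byte[] auth, Set<String> outstanding) throws GeneralSecurityException {
        byte[] m = rsa(Cipher.DECRYPT_MODE, priv, token);
        if (m.length != 16 + auth.length) return false;
        String n = Base64.getEncoder().encodeToString(Arrays.copyOf(m, 16));
        return outstanding.remove(n) && MessageDigest.isEqual(Arrays.copyOfRange(m, 16, m.length), auth);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        byte[] auth = "constructed-auth-value".getBytes("UTF-8"); // constructed sample value
        byte[] captured = rsa(Cipher.ENCRYPT_MODE, kp.getPublic(), auth); // token seen once on the wire
        System.out.println("static check, same token again: " + verifyStatic(kp.getPrivate(), captured, auth));
        Set<String> outstanding = new HashSet<>();
        byte[] resp = respond(kp.getPublic(), challenge(outstanding), auth);
        System.out.println("nonce check, first use:  " + verifyFresh(kp.getPrivate(), resp, auth, outstanding));
        System.out.println("nonce check, same token: " + verifyFresh(kp.getPrivate(), resp, auth, outstanding));
    }
}
```

Randomized padding such as OAEP makes every ciphertext look different, but it does not help the static check: a previously captured ciphertext still decrypts to the same auth value, so freshness has to come from something the verifier contributes.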

        

